Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS13dzN2LTZ4amYtanYyOM4AAtA_

Uncontrolled Resource Consumption in Spray JSON

Recursive decent parsers are susceptible too StackOverflowExceptions on too deeply nested structures as currently "open" parsing state is kept on the stack.

Permalink: https://github.com/advisories/GHSA-ww3v-6xjf-jv28
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS13dzN2LTZ4amYtanYyOM4AAtA_
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: almost 2 years ago
Updated: over 1 year ago

Identifiers: GHSA-ww3v-6xjf-jv28, CVE-2018-18855
References:

https://github.com/spray/spray-json/pull/284
https://security.snyk.io/vuln/SNYK-JAVA-IOSPRAY-72601
https://github.com/advisories/GHSA-ww3v-6xjf-jv28

Repository: https://github.com/spray/spray-json
Blast Radius: 1.0

Affected Packages

maven:io.spray:spray-json

Affected Version Ranges: < 1.3.5
Fixed in: 1.3.5